<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title></title> <style type="text/css">  </style> </head> <body marginleft="10" marginright="10" margintop="10" marginbottom="10">            It's more that there should be an "official" way of doing plugins, and that the Bitfrost people should look at it when it comes around, which might not happen until later. But it's important not only to look at things from a security perspective but from a technical and usability perspective:            * Activities don't need a restart to handle plugins..            * Installation should be handled on a click on web link then run basis, just like with .xo packages..            * Minimal package management: the only thing the operating system should do is to look at downloaded ".plugin" packages and see which activity they apply to.           You know, the basics.. <meaningless tangent>           The fact is that lots of things in Sugar have not been specified yet with regards to how they should work (large activity suites like TamTam where you switch between several activities and stuff like that, methods for integrating data from various activities in order to create presentations and collages and screencasts and webpages and teddy bears...). I want to write a sort of independent design review thing, with an eye to small details like that, so that there's another point to anchor people's conceptions of how the end result should work than the Pentagram mockups (which they don't show in their entirety to random people off the street like me anyway, for some reason I hope to eventually understand), but before that happens I want to write a prototype for the bulletin board functionality (why not?), and before THAT happens I have to get proficient with writing Sugar stuff. </meaningless tangent>            Until then, I'm off to my day job. I just wanted to point out one of the things that should be thought about.            Serhei Makarov Ivan Krsti <krstic@solarsail.hcs.harvard.edu> writes: >Fully agreed; I'm thinking about this a lot. I spoke at PyCon about >seeing plugins as critical to managing software growth, so I consider >them an important use case. I'm open to ideas on approaching the >security aspect -- I have some, but none that I see as clearly good yet. > >-- >Ivan Krsti <krstic@solarsail.hcs.harvard.edu> | GPG: 0x147C722D </body> </html>